Sandboxie+ Release v0.6.5 / 5.47.0

bjm_

Level 14
Thread author
Verified
Top Poster
Well-known
May 17, 2015
667
FWIW ~
Edge users may want to stick with 0.6.0.....for now.
My Edge has issues with 0.6.5.
I'm back with 0.6.0....for now.
--
Edit:
Edge is not automatically deleted #493
https://github.com/sandboxie-plus/Sandboxie/issues/493#issue-798330084
 

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
Thx @bjm

I am using FF as a newspaper reader only (with the bypass paywall add-on) and had added uBO in medium mode (with only Kees1958 as blocklist). I noticed there were two versions: a plus still in development (0.6.x version) and a classic (5.47.x version). I have not played with Sandboxie, so I decided to download the 'classic' (assuming a 5.v version has fewer bugs than a 0.6 version).

It took me some time to figure out how to create a shortcut to start Firefox (which is not my default browser; I am using Edge-chromium for that). After successfully creating the icon I browsed through the settings and changed the following settings (for Firefox):

Recovery > Quick recovery - Downloads folder
Delete > Delete invocation - Automatically delete contents of sandbox
Program Start > Forced Programs - Firefox.exe
Program Stop > Leader Programs - Firefox.exe
Restrictions > Internet Access - Firefox.exe
Restrictions > Start/Run Access - group <FirefoxPrograms>
Restrictions > Drop Rights - Enabled
Resource Access > File Access > Read-Only Access - Users\Public
Resource Access > File Access > Blocked Access - D (documents drive) + M (media drive) + R (recovery drive)
Resource Access > Registry Access > Read-Only Access - \REGISTRY\USER\

Is this the way to run FF isolated?
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
> Thx @bjm
>
> I am using FF as a newspaper reader only (with the bypass paywall add-on) and had added uBO in medium mode (with only Kees1958 as blocklist). I noticed there were two versions: a plus still in development (0.6.x version) and a classic (5.47.x version). I have not played with Sandboxie, so I decided to download the 'classic' (assuming a 5.v version has fewer bugs than a 0.6 version).
>
> It took me some time to figure out how to create a shortcut to start Firefox (which is not my default browser; I am using Edge-chromium for that). After successfully creating the icon I browsed through the settings and changed the following settings (for Firefox):
>
> Recovery > Quick recovery - Downloads folder
> Delete > Delete invocation - Automatically delete contents of sandbox
> Program Start > Forced Programs - Firefox.exe
> Program Stop > Leader Programs - Firefox.exe
> Restrictions > Internet Access - Firefox.exe
> Restrictions > Start/Run Access - group <FirefoxPrograms>
> Restrictions > Drop Rights - Enabled
> Resource Access > File Access > Read-Only Access - Windows + Program Files + Program Files (x86) + ProgramData
> Resource Access > File Access > Blocked Access - Users\Public + D (documents drive) + M (media drive) + R (recovery drive)
> Resource Access > Registry Access > Read-Only Access - \REGISTRY\
>
> Is this the way to run FF isolated?

Not exactly. If something can escape from Firefox, then it can still have read access to important resources:
  1. Windows Registry.
  2. Almost all folders on the system disk.
  3. USB drives with unprotected drive letters (E, F, G, etc.)
So, the isolation is approximate.
You can harden your sandbox by allowing only Firefox processes, but then some extensions can fail.
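
Added example, not part of the thread and not Sandboxie's own code: a small audit of a box section that reports the read exposure listed in the reply above. The box name and the sample section are constructed to approximate the GUI settings from the question; `ClosedFilePath`, `ReadFilePath`, `ReadKeyPath` and `ClosedKeyPath` are the Sandboxie.ini settings assumed to back the "Blocked Access" and "Read-Only Access" lists.

```python
import string

# Constructed Sandboxie.ini box section approximating the GUI settings in the
# question above (not the poster's actual file). Keys repeat, so a strict
# configparser cannot load it; parse line by line instead.
SAMPLE_INI = r"""
[FirefoxBox]
Enabled=y
AutoDelete=y
DropAdminRights=y
ForceProcess=firefox.exe
LeaderProcess=firefox.exe
ReadFilePath=C:\Users\Public
ClosedFilePath=D:\
ClosedFilePath=M:\
ClosedFilePath=R:\
ReadKeyPath=\REGISTRY\USER\
"""

def parse_box(text, box):
    """Return {setting: [values]} for one [box] section, keeping duplicates."""
    settings, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current == box and "=" in line:
            key, value = line.split("=", 1)
            settings.setdefault(key.strip(), []).append(value.strip())
    return settings

def audit(settings, system_drive="C"):
    """List read exposure left open, following the three points in the reply."""
    # Only whole-drive rules such as "D:\" count as blocking a drive letter.
    closed = {v[0].upper() for v in settings.get("ClosedFilePath", [])
              if len(v) >= 2 and v[1] == ":" and len(v.rstrip("\\")) == 2}
    findings = []
    if not settings.get("ClosedKeyPath"):
        findings.append("registry: readable (ReadKeyPath only stops writes)")
    if system_drive not in closed:
        findings.append(f"system drive {system_drive}: folders readable")
    open_letters = [d for d in string.ascii_uppercase
                    if d not in closed and d != system_drive]
    findings.append("drive letters not blocked: " + "".join(open_letters))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_box(SAMPLE_INI, "FirefoxBox")):
        print(finding)
```
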
 

Lenny_Fox

> Not exactly. If something can escape from Firefox, then it can still have read access to important resources:
>   1. Windows Registry.
>   2. Almost all folders on the system disk.
>   3. USB drives with unprotected drive letters (E, F, G, etc.)
> So, the isolation is approximate.
> You can harden your sandbox by allowing only Firefox processes, but then some extensions can fail.

I understand what you are saying, software sandboxes running in the same (virtual) machine are always approximate, but . . .

1. Firefox runs with dropped rights (so should not be able to change UAC protected objects)
2. Applied read-only restrictions for Firefox in the sandbox (registry USER & User/Public)
3. Start/run access restrictions for Firefox are already applied
4. Firefox is the only program allowed outbound internet
5. Firefox has uBlockOrigin added, blocking third-party scripts and frames

I only use Firefox for reading online newspapers (Edge chromium is the default browser), so approximate is good enough
 

Andy Ful

> I understand what you are saying, software sandboxes running in the same (virtual) machine are always approximate, but . . .
>
> 1. Applied restrictions for all programs in the sandbox (registry and UAC folders are read only)
> 2. Start/run access restrictions are for firefox were already applied (
>
> so unless an escape uses a vulnerability in Firefox and Sandboxie, all other programs should be isolated. Since I have not won the lottery, I don't expect to be so unlucky to be the victim of a double fail.

Yes. Simply, the Sandboxie isolation cannot be compared to the isolation in the Virtual Machine or Application Guard for Edge. Also, the Firefox processes in the Sandbox are not protected so well against the unsandboxed processes (by default the sandboxed system processes have additional protection).

Edit.
A more probable (but still rare) scenario can be escaping from the web browser due to the hidden incompatibility of Sandboxie with the updated web browser. Another problem can be Sandboxie incompatibility with updated Windows (Sandboxie will fail).
 

Lenny_Fox

> Yes. Simply, the Sandboxie isolation cannot be compared to the isolation in the Virtual Machine or Application Guard for Edge. Also, the Firefox processes in the Sandbox are not protected so well against the unsandboxed processes (by default the sandboxed system processes have additional protection).
>
> Edit.
> A more probable (but still rare) scenario can be escaping from the web browser due to the hidden incompatibility of Sandboxie with the updated web browser. Another problem can be Sandboxie incompatibility with updated Windows (Sandboxie will fail).

Thanks, I use Edge-chromium with WD Application Guard and ExploitGuard Protection (only allow Microsoft Signed DLLs) for surfing.

Edit:
The only interface between Edge WDAG and Edge in strict mode is the clipboard (set in GPO) for copying links and text when writing content for the websites I maintain (mainly pubs and restaurants). For the pubs it is really hard to create interesting content, because of the lockdown.
 